| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Live Security Platinum entfernt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.07.2012, 10:32
| #1 |
| |  Live Security Platinum entfernt? Liebe Forumsgemeinde, vor 3 Tagen erschien auf meinem Internetaccount mit eingeschränkten Rechten die Meldung, dass Live security Platinum diverse Viren gefunden hat. Nach verschiedenen Versuchen den Schädling zu vernichten, erscheint er seit heute morgen nicht mehr. Bei der Bearbeitung des Problems habe ich mich an die Vorschläge hier im Forum gehalten. Der Reihenfolge nach die Logs der benutzen Programme: Defogger defogger_disable by jpshortstuff (23.02.10.1) Log created at 08:14 on 13/07/2012 (hki) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Extras.txt Code:
ATTFilter OTL Extras logfile created on: 13.07.2012 08:24:15 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\hki\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,72% Memory free
12,00 Gb Paging File | 9,76 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 370,33 Gb Total Space | 206,93 Gb Free Space | 55,88% Space Free | Partition Type: NTFS
Drive D: | 691,21 Gb Total Space | 80,82 Gb Free Space | 11,69% Space Free | Partition Type: NTFS
Drive E: | 247,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive U: | 320,62 Gb Total Space | 1,41 Gb Free Space | 0,44% Space Free | Partition Type: NTFS
Computer Name: HKI-PC | User Name: hki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2603405234-708572302-3740042233-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{38B4A867-7567-44BC-B1BC-1CAE99347FE0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3BFDA9A7-9CC3-45E8-9965-BC709B9817AC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp3\wnt500x64\rpcsandrasrv.exe |
"{47DA7C08-2340-4285-802D-E2146CEB095E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{56750F05-EB8F-4D99-B7C0-842E1A58AA21}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F429820F-E606-47F4-BB64-91D05D221036}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp3\rpcagentsrv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F9641D-1365-4A17-B2E5-BBA358FA4C70}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{1149BB47-3EF0-4410-BE83-0CF9D9B0B57F}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{1D09CB2C-444A-4099-8960-5E545E3252D1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{223296D0-E4E7-4D5A-8BB9-80C593C7CF6B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{33A0EBE8-19EE-4665-A2E4-81AE93BEA2A5}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{3FD90E5E-73EB-4F22-8D9D-09102348D06C}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{48F44B13-5AC9-4F0D-94F7-90CF8CC29934}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{4A9BECBE-39E1-4426-A70E-630503186D23}" = protocol=6 | dir=in | app=c:\users\internet\appdata\roaming\dropbox\bin\dropbox.exe |
"{5A477AFB-49D9-4A68-8F41-909477E5CDE8}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{6BD37915-1096-4DC8-ADC4-3EF19B221094}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{6F1D4340-3CAA-42AB-8DB6-D8145F98FBB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{75F65FDC-35DC-42BD-BF77-0A58B2F5A1F3}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{789642C4-11AA-4830-A789-AB3B13EB159F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{84BDEA78-A721-44FD-9263-23D9C712721E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{99922227-C06E-4E11-9685-A30F4635B67C}" = protocol=17 | dir=in | app=c:\users\internet\appdata\roaming\dropbox\bin\dropbox.exe |
"{A44DCF72-0DA9-41F4-95E1-DAA04E439E1A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{A572138E-10FD-4FCC-8D92-4A0DA70F03A7}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{B05A267C-58B4-465F-82DB-B63DDB5583D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BB9298BF-3900-4002-A8F3-97DC29DD5224}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C1205C73-1FB9-40D9-BDD2-EB2F5AD6FE70}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{CA1603F6-4EC4-416D-A0F9-2E5B09C05772}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{CBC46966-EB3F-4F4E-BEFF-66EDC0D981A1}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{D48EB5A2-897A-41B1-9081-834D42736A76}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E15BD730-9270-46FF-B791-293ECD79FCD9}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{E8E96145-EDFD-465B-8396-1D59AFAA454C}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"TCP Query User{05ECD588-93C2-4512-8B32-AE7451C8BEAD}D:\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\left 4 dead 2\left4dead2.exe |
"TCP Query User{10E12D27-997C-4544-B998-7818AC175DE5}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"TCP Query User{314307A6-5DB9-4880-B35C-6589658D94A4}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{83870E5E-5A5E-4536-922A-FC8F6B647DAA}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{A88FDCE1-935C-4E39-BCC7-38407DA9320F}D:\spiele\left 4 dead 2\left4dead2.heiising" = protocol=6 | dir=in | app=d:\spiele\left 4 dead 2\left4dead2.heiising |
"TCP Query User{EA656175-763E-4E25-9E24-EBFE729924DE}C:\users\internet\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\internet\appdata\local\programs\opera\opera.exe |
"TCP Query User{FD1527A1-C46B-462F-A5D1-07290F80A8AD}D:\left 4 dead\left 4 dead an wolfspc (192.168.0.12)\hl2.exe" = protocol=6 | dir=in | app=d:\left 4 dead\left 4 dead an wolfspc (192.168.0.12)\hl2.exe |
"UDP Query User{019FB322-85CB-4AD8-AB95-4E39F4308202}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{0A7194F7-8042-4CA7-8CD9-C800AEA34D03}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe |
"UDP Query User{46234BDB-18E2-42B7-96F5-835A3947892D}D:\spiele\left 4 dead 2\left4dead2.heiising" = protocol=17 | dir=in | app=d:\spiele\left 4 dead 2\left4dead2.heiising |
"UDP Query User{66BF89C6-20DC-4AA6-8C15-C73917E7D7AA}D:\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\left 4 dead 2\left4dead2.exe |
"UDP Query User{9E93EF2F-35B1-42F7-8655-181DDCE5B13C}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{DA803435-49A5-45AB-9237-9AE54C462A9D}C:\users\internet\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\internet\appdata\local\programs\opera\opera.exe |
"UDP Query User{DC295EE8-E9D4-4060-AC35-A6D5717AC0B5}D:\left 4 dead\left 4 dead an wolfspc (192.168.0.12)\hl2.exe" = protocol=17 | dir=in | app=d:\left 4 dead\left 4 dead an wolfspc (192.168.0.12)\hl2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP3
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000B8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9DCFC564-606E-424F-8A1C-56DD14908AF6}" = Serif PhotoPlus X2
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B672D77A-8BA3-24EF-3421-8FB8E35E2A8D}" = Catalyst Control Center InstallProxy
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{bd521da1-d38b-47ae-824a-c66007866327}" = Nero 9 Essentials
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F187CE58-99E6-443C-0321-61F9EB731B1B}" = MyTube Internet Recorder
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Call of Duty" = Call of Duty
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"Live 8.2.5" = Live 8.2.5
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Media Suite D" = MAGIX Media Suite
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE
"McAfee Security Scan" = McAfee Security Scan Plus
"Mediscript-CD GK3" = Mediscript-CD GK3
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"mufin player D" = mufin player
"Native Instruments Audio 8 DJ" = Native Instruments Audio 8 DJ
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"SpeedFan" = SpeedFan (remove only)
"TIMELEFT3_is1" = TimeLeft
"TIPP10_is1" = TIPP10 Version 2.1.0
"VLC media player" = VLC media player 1.1.9
"WebTemp_is1" = WebTemp 3.37 (kostenlose Version)
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2603405234-708572302-3740042233-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.11.2011 14:11:05 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
Zeitstempel: 0x481b677e Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
1.2.0.13, Zeitstempel: 0x481b677e Ausnahmecode: 0xc000000d Fehleroffset: 0x000ad694
ID
des fehlerhaften Prozesses: 0x474 Startzeit der fehlerhaften Anwendung: 0x01cca48b19defd49
Pfad
der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Pfad
des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Berichtskennung:
5942e4fa-107e-11e1-9816-0025114eeb49
Error - 16.11.2011 14:11:20 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
Zeitstempel: 0x481b677e Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
1.2.0.13, Zeitstempel: 0x481b677e Ausnahmecode: 0xc000000d Fehleroffset: 0x000ad694
ID
des fehlerhaften Prozesses: 0xc48 Startzeit der fehlerhaften Anwendung: 0x01cca48b2435a4d1
Pfad
der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Pfad
des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Berichtskennung:
621de8d6-107e-11e1-9816-0025114eeb49
Error - 16.11.2011 14:11:49 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
Zeitstempel: 0x481b677e Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
1.2.0.13, Zeitstempel: 0x481b677e Ausnahmecode: 0xc000000d Fehleroffset: 0x000ad694
ID
des fehlerhaften Prozesses: 0x8a0 Startzeit der fehlerhaften Anwendung: 0x01cca48b35c388a1
Pfad
der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Pfad
des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Berichtskennung:
73a58b14-107e-11e1-9816-0025114eeb49
Error - 16.11.2011 14:12:39 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
Zeitstempel: 0x481b677e Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
1.2.0.13, Zeitstempel: 0x481b677e Ausnahmecode: 0xc000000d Fehleroffset: 0x000ad694
ID
des fehlerhaften Prozesses: 0x1044 Startzeit der fehlerhaften Anwendung: 0x01cca48b5351a108
Pfad
der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Pfad
des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Berichtskennung:
913418ad-107e-11e1-9816-0025114eeb49
Error - 16.11.2011 14:17:32 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
Zeitstempel: 0x481b677e Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
1.2.0.13, Zeitstempel: 0x481b677e Ausnahmecode: 0xc000000d Fehleroffset: 0x000ad694
ID
des fehlerhaften Prozesses: 0x1330 Startzeit der fehlerhaften Anwendung: 0x01cca48c01517a84
Pfad
der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Pfad
des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Berichtskennung:
3fe325cb-107f-11e1-9816-0025114eeb49
Error - 16.11.2011 14:17:48 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
Zeitstempel: 0x481b677e Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
1.2.0.13, Zeitstempel: 0x481b677e Ausnahmecode: 0xc000000d Fehleroffset: 0x000ad694
ID
des fehlerhaften Prozesses: 0x8ec Startzeit der fehlerhaften Anwendung: 0x01cca48c0ba5e088
Pfad
der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Pfad
des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Berichtskennung:
4986836c-107f-11e1-9816-0025114eeb49
Error - 16.11.2011 14:18:21 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
Zeitstempel: 0x481b677e Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
1.2.0.13, Zeitstempel: 0x481b677e Ausnahmecode: 0xc000000d Fehleroffset: 0x000ad694
ID
des fehlerhaften Prozesses: 0xb70 Startzeit der fehlerhaften Anwendung: 0x01cca48c1ee5cf21
Pfad
der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Pfad
des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Berichtskennung:
5cce8858-107f-11e1-9816-0025114eeb49
Error - 16.11.2011 14:18:36 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
Zeitstempel: 0x481b677e Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
1.2.0.13, Zeitstempel: 0x481b677e Ausnahmecode: 0xc000000d Fehleroffset: 0x000ad694
ID
des fehlerhaften Prozesses: 0x13b4 Startzeit der fehlerhaften Anwendung: 0x01cca48c2807e64a
Pfad
der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Pfad
des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Berichtskennung:
65f6ba01-107f-11e1-9816-0025114eeb49
Error - 16.11.2011 14:25:10 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
Zeitstempel: 0x481b677e Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
1.2.0.13, Zeitstempel: 0x481b677e Ausnahmecode: 0xc000000d Fehleroffset: 0x000ad694
ID
des fehlerhaften Prozesses: 0x12e8 Startzeit der fehlerhaften Anwendung: 0x01cca48d11ffee2d
Pfad
der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Pfad
des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Berichtskennung:
50e04e51-1080-11e1-9816-0025114eeb49
Error - 16.11.2011 14:25:47 | Computer Name = hki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffectConfig.exe, Version: 1.2.0.13,
Zeitstempel: 0x481b677e Name des fehlerhaften Moduls: MassEffectConfig.exe, Version:
1.2.0.13, Zeitstempel: 0x481b677e Ausnahmecode: 0xc000000d Fehleroffset: 0x000ad694
ID
des fehlerhaften Prozesses: 0x1628 Startzeit der fehlerhaften Anwendung: 0x01cca48d291e423b
Pfad
der fehlerhaften Anwendung: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Pfad
des fehlerhaften Moduls: C:\Games\Mass Effect\Binaries\MassEffectConfig.exe Berichtskennung:
670a56d2-1080-11e1-9816-0025114eeb49
[ Cisco AnyConnect VPN Client Events ]
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 13.07.2012 02:05:51 | Computer Name = hki-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
[ Media Center Events ]
Error - 11.07.2012 17:38:28 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 23:38:28 - Fehler beim Herstellen der Internetverbindung. 23:38:28
- Serververbindung konnte nicht hergestellt werden..
Error - 11.07.2012 17:39:18 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 23:38:33 - Fehler beim Herstellen der Internetverbindung. 23:38:33
- Serververbindung konnte nicht hergestellt werden..
Error - 11.07.2012 18:43:53 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 00:43:47 - Fehler beim Herstellen der Internetverbindung. 00:43:50
- Serververbindung konnte nicht hergestellt werden..
Error - 11.07.2012 18:47:05 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 00:44:01 - Fehler beim Herstellen der Internetverbindung. 00:44:01
- Serververbindung konnte nicht hergestellt werden..
Error - 12.07.2012 02:58:08 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 08:58:06 - Fehler beim Herstellen der Internetverbindung. 08:58:06
- Serververbindung konnte nicht hergestellt werden..
Error - 12.07.2012 03:01:57 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 08:58:37 - Fehler beim Herstellen der Internetverbindung. 08:58:37
- Serververbindung konnte nicht hergestellt werden..
Error - 12.07.2012 04:17:16 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 10:16:15 - Fehler beim Herstellen der Internetverbindung. 10:16:49
- Serververbindung konnte nicht hergestellt werden..
Error - 12.07.2012 04:21:58 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 10:17:36 - Fehler beim Herstellen der Internetverbindung. 10:17:36
- Serververbindung konnte nicht hergestellt werden..
Error - 13.07.2012 00:58:00 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 06:57:56 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
Error - 13.07.2012 01:02:46 | Computer Name = hki-PC | Source = MCUpdate | ID = 0
Description = 06:58:21 - Fehler beim Herstellen der Internetverbindung. 06:58:21
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 12.07.2012 06:04:01 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description =
Error - 12.07.2012 06:04:02 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description =
Error - 12.07.2012 06:04:03 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description =
Error - 12.07.2012 06:20:11 | Computer Name = hki-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07 avipbb avkmgr discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr StarOpen Wanarpv6
Error - 12.07.2012 06:20:17 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description =
Error - 12.07.2012 06:20:23 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description =
Error - 12.07.2012 06:20:24 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description =
Error - 12.07.2012 06:20:25 | Computer Name = hki-PC | Source = DCOM | ID = 10005
Description =
Error - 13.07.2012 00:47:57 | Computer Name = hki-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 13.07.2012 00:48:33 | Computer Name = hki-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07 StarOpen
< End of report >
Code:
ATTFilter OTL logfile created on: 13.07.2012 08:24:15 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\hki\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,24 Gb Available Physical Memory | 70,72% Memory free 12,00 Gb Paging File | 9,76 Gb Available in Paging File | 81,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 370,33 Gb Total Space | 206,93 Gb Free Space | 55,88% Space Free | Partition Type: NTFS Drive D: | 691,21 Gb Total Space | 80,82 Gb Free Space | 11,69% Space Free | Partition Type: NTFS Drive E: | 247,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive U: | 320,62 Gb Total Space | 1,41 Gb Free Space | 0,44% Space Free | Partition Type: NTFS Computer Name: HKI-PC | User Name: hki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.13 07:59:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hki\Desktop\OTL.exe PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.06.17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe PRC - [2012.05.08 15:20:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 15:20:54 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.08 15:20:54 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 15:20:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.22 20:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2010.04.30 13:24:26 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe PRC - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.02.03 23:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2009.08.18 09:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012.05.08 15:20:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 15:20:54 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.08 15:20:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.22 20:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.10.19 19:37:57 | 005,250,048 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2010.04.30 13:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.10 12:02:04 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.02.03 23:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 19:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 15:20:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 15:20:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.07.06 13:23:32 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07) DRV:64bit: - [2011.06.10 22:42:42 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.04.06 16:07:04 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.20 12:59:34 | 000,353,360 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a8djavs.sys -- (a8djavs) DRV:64bit: - [2010.10.20 12:59:34 | 000,094,288 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a8djusb.sys -- (a8djusb_svc) DRV:64bit: - [2009.07.14 10:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.12 12:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 23:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.02.23 03:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV - [2012.04.30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc) DRV - [2011.05.19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17360311cn16973654k258h782vv9n IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE423DE423 IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "eBay" FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=APN10023&gct=hp" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.23 15:46:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.23 15:46:30 | 000,000,000 | ---D | M] [2011.03.18 09:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hki\AppData\Roaming\mozilla\Extensions [2011.12.01 21:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hki\AppData\Roaming\mozilla\Firefox\Profiles\56k5fszm.default\extensions [2012.07.13 08:13:19 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\hki\AppData\Roaming\mozilla\Firefox\Profiles\56k5fszm.default\extensions\toolbar@ask.com [2011.12.28 18:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-2603405234-708572302-3740042233-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2603405234-708572302-3740042233-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\hki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C2EE7A-AD2C-45F2-AECB-866D401A5243}: DhcpNameServer = 168.95.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b18da2ea-6048-11e0-b9be-0025114eeb49}\Shell - "" = AutoRun O33 - MountPoints2\{b18da2ea-6048-11e0-b9be-0025114eeb49}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.13 08:04:32 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\hki\Desktop\OTH.scr [2012.07.13 08:04:03 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\hki\Desktop\mbam-setup-1.61.0.1400.exe [2012.07.13 07:59:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\hki\Desktop\OTL.exe [2012.07.12 11:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.12 08:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.07.12 08:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.07.12 08:16:54 | 000,000,000 | ---D | C] -- C:\Users\hki\Documents\Anti-Malware [2012.07.12 07:14:01 | 000,000,000 | ---D | C] -- C:\Users\hki\AppData\Roaming\Malwarebytes [2012.07.12 07:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.10 23:57:53 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.07.10 15:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E8588900268C41000133AAB4EB2367 [2012.07.07 17:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TimeLeft 3 [2012.07.07 17:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TimeLeft3 [2012.07.07 17:30:26 | 000,000,000 | ---D | C] -- C:\Users\hki\AppData\Roaming\NesterSoft [2012.06.24 12:42:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2012.06.24 09:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10 [2012.06.24 09:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tipp10 [2012.06.24 09:14:35 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4 [2012.06.24 09:11:00 | 000,000,000 | ---D | C] -- C:\Users\hki\Desktop\OpenOffice.org 3.4 (de) Installation Files [2012.06.22 18:45:30 | 000,000,000 | ---D | C] -- C:\Users\hki\AppData\Local\Macromedia [2012.06.22 13:29:34 | 000,000,000 | ---D | C] -- C:\ND Kram [2012.06.20 10:10:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.06.17 16:26:09 | 000,000,000 | ---D | C] -- C:\Users\hki\AppData\Roaming\Dropbox [2009.09.03 10:44:43 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.13 08:14:23 | 000,000,000 | ---- | M] () -- C:\Users\hki\defogger_reenable [2012.07.13 08:04:43 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\hki\Desktop\mbam-setup-1.61.0.1400.exe [2012.07.13 08:04:43 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\hki\Desktop\OTH.scr [2012.07.13 08:01:23 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.13 07:59:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\hki\Desktop\OTL.exe [2012.07.13 07:59:45 | 000,050,477 | ---- | M] () -- C:\Users\hki\Desktop\Defogger.exe [2012.07.13 06:55:37 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.13 06:55:37 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.13 06:54:27 | 001,790,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.13 06:54:27 | 000,767,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.13 06:54:27 | 000,710,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.13 06:54:27 | 000,172,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.13 06:54:27 | 000,141,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.13 06:48:57 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.13 06:48:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.13 06:48:05 | 536,195,071 | -HS- | M] () -- C:\hiberfil.sys [2012.07.12 08:17:10 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.07.07 17:30:27 | 000,001,054 | ---- | M] () -- C:\Users\hki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk [2012.07.07 17:30:27 | 000,000,952 | ---- | M] () -- C:\Users\hki\Desktop\TimeLeft.lnk [2012.06.25 13:37:56 | 654,213,127 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.24 12:40:50 | 000,409,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.24 09:16:22 | 000,000,983 | ---- | M] () -- C:\Users\hki\Desktop\TIPP10.lnk [2012.06.24 09:14:35 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.13 08:14:23 | 000,000,000 | ---- | C] () -- C:\Users\hki\defogger_reenable [2012.07.13 07:59:15 | 000,050,477 | ---- | C] () -- C:\Users\hki\Desktop\Defogger.exe [2012.07.12 08:17:10 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.07.07 17:30:27 | 000,001,054 | ---- | C] () -- C:\Users\hki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk [2012.07.07 17:30:27 | 000,000,952 | ---- | C] () -- C:\Users\hki\Desktop\TimeLeft.lnk [2012.06.25 13:37:56 | 654,213,127 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.06.24 09:16:22 | 000,000,983 | ---- | C] () -- C:\Users\hki\Desktop\TIPP10.lnk [2012.06.24 09:14:35 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.20 10:33:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.01.20 10:29:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.10.08 09:58:29 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.06 13:18:52 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll [2011.06.21 22:12:06 | 011,169,792 | ---- | C] () -- C:\Users\hki\AppData\Roaming\Sandra.mdb [2011.04.17 12:54:42 | 000,007,597 | ---- | C] () -- C:\Users\hki\AppData\Local\Resmon.ResmonCfg [2011.03.30 22:13:46 | 001,767,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.18 09:28:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.18 01:15:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2011.08.25 23:25:38 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\Ableton [2011.11.13 16:23:52 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\Audacity [2012.06.17 16:26:09 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\Dropbox [2012.05.08 15:10:05 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\elsterformular [2011.03.18 11:19:05 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\Engelmann Media [2012.07.07 17:30:26 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\NesterSoft [2011.04.03 08:10:04 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\OpenOffice.org [2011.03.18 08:37:22 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\PowerCinema [2011.03.18 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\Serif [2011.06.21 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\hki\AppData\Roaming\XSManager [2012.04.17 14:14:54 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Ableton [2012.06.19 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Dropbox [2011.06.23 13:23:00 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Engelmann Media [2012.07.07 17:30:31 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\NesterSoft [2011.03.31 19:13:12 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\OpenOffice.org [2012.01.05 12:56:11 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Opera [2012.03.15 01:58:28 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\PowerCinema [2012.01.20 10:34:03 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Samsung [2011.03.27 16:04:19 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Serif [2012.03.15 01:58:28 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\SoftDMA [2011.08.24 12:36:21 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Template [2012.07.07 14:47:24 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\TIPP10 [2011.12.05 13:49:58 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\XSManager [2012.06.20 15:26:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Emsisoft habe ich auch benutzt, aber direkt wieder gelöscht. Das Programm hat keinen Fund gemeldet. Einen Logeintrag habe ich leider nicht mehr gefunden. Bernd |
|
14.07.2012, 16:43
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Live Security Platinum entfernt?Code:
ATTFilter D:\Spiele\Batman Arkham City\Batman.Arkham.City-FiGHTCLUB.part01.rar
 Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ |
|
| Themen zu Live Security Platinum entfernt? |
| avira, avira searchfree toolbar, bho, call of duty, ebay, emsisoft, entfernt?, error, excel, failed, flash player, google, google earth, grand theft auto, home, install.exe, installation, kaspersky, logfile, microsoft office word, mozilla, office 2007, popup, realtek, registry, scan, schädling, searchscopes, security, server, software, staropen, stick, usb, viren, windows |
Linear-Darstellung
